Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service providers. These flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain name registration. The vulnerability could allow attackers to access sensitive information from corporate networks. Two of the major DNS providers (Google and Amazon) have already fixed these flaws, but others are still likely vulnerable. Microsoft, who could tweak the dynamic DNS algorithm which allows Windows endpoints to leak internal network traffic to malicious DNS servers, already told Wiz that this is not a vulnerability.
Source: https://www.bleepingcomputer.com/news/security/new-dns-vulnerability-allows-nation-state-level-spying-on-companies/